EFF Submits Comments to 'Independent' Office of the Director of National Intelligence's Review Group

There's an eerie similarity between the National Security Agency spying uncovered in the 1970s, which included the intelligence community spying on political activists and the NSA's collection of every single international telegram being sent from the United States, and the NSA spying today. Back then, after journalists reported on the illegal actions of the NSA, President Gerald Ford appointed Vice President Nelson Rockefeller to spearhead a commission to look into the allegations of illegal actions by the intelligence community. The Rockefeller Commission was not sufficient to make serious reforms, which only arrived later, after the Congress created the Church Committee.

Today, after the Snowden leaks, President Barack Obama asked Gen. James Clapper, the Director of National Intelligence—whose office oversees the entire intelligence community, which includes the NSA—to form a "Review Group on Intelligence and Communications Technologies." The presidential memorandum establishing the Review Group did not mention the word privacy or civil liberties once, but the group is asking for comments on how the United States can "employ [its] technical collection capabilities…while respecting our commitment to privacy and civil liberties."

The Review Group, which has been furloughed during the government shutdown, will be collecting comments even after the due date of October 4. While we will likely need a new Church Committee to obtain needed reform, we recommend that you also tell the US government what you think about the illegal and unconstitutional spying.

The EFF submitted comments to the Review Group on Friday. Here's a summary and some selections from the full comments. Our technologists also contributed to a separate submission from prominent computer scientists, code, technologists and engineers.

Most importantly, we're asking the Review Group for

a review of the confluence of the technical collection capacities and advancing collection technologies with the Constitution, statutory authorities, and, more simply, users' privacy concerns. A full legal analysis is not expected in the Group’s report. However, the Group should focus on the everyday practical concerns about the collection of innocent users’ metadata, phone calls, and emails; and the collection of huge datasets that may provide voluminous amounts of intimate information."Metadata" is a vital aspect in answering the above questions. In today's modern age, metadata and other non-content information gleaned from modern telecommunications can reveal intimate details about one's life. It is imperative, in light of advancing technological collection capacities, that the Review Group analyze how the act of collecting innocent users' metadata impacts the public trust and public discourse around the NSA's surveillance capacities.Dragnet or bulk collection of information must be replaced with particularized, and targeted acquisition. The intelligence community must begin to think about questions like whether or not mass data collection is viable, if it's absolutely necessary, and what type of data is the most effective to acquire.

To address the dangers enabled by this vast increase in technical capacity, it is critical to stop the spying. Dragnet or bulk collection of information must be replaced with particularized, and targeted acquisition. The intelligence community must begin to think about questions like whether or not mass data collection is viable, if it's absolutely necessary, and what type of data is the most effective to acquire. With a frank and honest evaluation of these questions, the conclusion is inescapable—the mass spying program should be stopped.

We're also asking the Review Group to focus on three additional issues:

While we hope you read the entire submission, here are some select portions from the rest of the document:

Introduction

Fundamental to this review is how intimate personal information can be uncovered by mining the collection of metadata and other information about users. A report must include the practical policy considerations of what type of data to collect, if any privacy issues are triggered by such a collection, if such collection is within the mission of the intelligence community agency, and the effectiveness of such huge data sets of information. As we've witnessed from the public discourse around these programs, such collection betrays the public trust in the intelligence community—a trust that is vital to its success.

Section 1: Advancing transparency issues, and offering solutions to the broken classification system

After reviewing the privacy implications, the Review Group must examine issues around transparency, the lack of which is corrosive to democracy and the rule of law. At the core of any discussion on these programs is the unsustainable classification system. Congress, litigants, and the general public cannot have a full dialogue on these issues when overclassification is rampant. The recently disclosed information about the NSA programs strongly indicates that information is classified primarily to ensure that the public is unaware of the scope of domestic surveillance.

First, the committee must conduct itself in the most transparent way possible. This includes following the procedures in the Federal Advisory Committee Act (FACA). Currently the Review Group is not following the requirements of FACA, which would provide added transparency of, and public trust in, the Review Group. The committee must also hold public testimony and publish public reports—including its final report and recommendations to the Director of National Intelligence and to the President. This Review Group should follow up on the recent declassification of documents by recommending the declassification of documents it receives, or provide a listing of documents it has reviewed so that the public can be fully informed.

Even before the latest information published about the NSA’s strategies for cryptography, there was significant concern in the technical community about the potential the subversion of international security standards and the use of legal or extra-legal processes to gain access to private keys held by major service providers. Both actions compromise the privacy and security of domestic data and communications on a mass scale.When the government pushes "cybersecurity" bills to protect our computer networks, and when law enforcement repeats its “going dark” talking point, it is unthinkable that the NSA is deliberately and covertly sabotaging our devices and networks. This seriously undermines privacy and security, as well as public trust in privacy and security technologies—and in all related government action. Moreover, the government has never explained how the NSA has the statutory authority to operate domestically to weaken or introduce vulnerabilities in the domestic data infrastructure. In short, the Review Group must investigate the extent to which the NSA's cryptologic strategy has decreased our national security.

Section 3: Obtaining an independent technologist to advise and provide assistance to the group.

As noted, a recurring challenge with effective oversight of the NSA spying is that major actors in the program lack sufficient technical knowledge to fully understand what NSA is doing or the implications of NSA activities. This extends from political officials to Congress to the FISA Court judges. No person or entity can successfully oversee programs without understanding the technical details of how that spying takes place and what its implications are. The panel should have an individual intimately familiar with computer technologies at both the level of “code” and in the broader network environment. That person needs to have a clearance at least as high as the members of the review committee.

The Review Group must look into and release the metrics used to conduct such an evaluation. It must also develop metrics and evaluations for other collection programs. Fundamental questions like whether there is a consistent evaluation of these programs beyond 30, 60, or 90-day reports, or if an evaluation is only conducted when asked, are vital to overseeing the programs. The Review Group must not rely exclusively on detailed employees from the Executive Branch or the intelligence community. It should reach out to the Technical Advisory Groups of both the SSCI and HPSCI. The Review Group could also hire an outside technologist to serve as an independent expert for the Review Group.

Related Updates

Lt. Gen. Paul Nakasone, the new nominee to direct the NSA, faced questions Thursday from the Senate Select Committee on Intelligence about how he would lead the spy agency. One committee member, Senator Ron Wyden (D-OR), asked the nominee if he and his agency could avoid the mistakes of...

Once-secret surveillance court orders obtained by EFF last week show that even when the court authorizes the government to spy on specific Americans for national security purposes, that authorization can be misused to potentially violate other people’s civil liberties.
These documents raise larger questions about whether the government can...

Last month, Congress reauthorized Section 702, the controversial law the NSA uses to conduct some of its most invasive electronic surveillance. With Section 702 set to expire, Congress had a golden opportunity to fix the worst flaws in the NSA’s surveillance programs and protect Americans’ Fourth Amendment rights...

President Donald Trump’s first State of the Union address last night was remarkable for two reasons: for what he said, and for what he didn’t say.
The president took enormous pride last night in claiming to have helped “extinguish ISIS from the face of the Earth.”
But he failed to...

Dear friends,
Today, the United States Congress struck a significant blow against the basic human right to read, write, learn, and associate free of government’s prying eyes.
Goaded by those who let fear override democratic principles, some members of Congress shuttered public debate in order to pass a bill...

UPDATE, January 12, 2018: The Senate could vote Tuesday on a disastrous NSA surveillance extension bill that violates the Fourth Amendment. Click the link at the bottom of the page to email your Senator today and tell them to oppose bill S. 139.
The House of Representatives cast a deeply...

Multiple nonprofit organizations and policy think tanks, and one company have recently joined ranks to limit broad NSA surveillance. Though our groups work for many causes— freedom of the press, shared software development, universal access to knowledge, equal justice for all—our voices are responding to the same threat: the possible...

The Supreme Court announced today that it will not review a lower court’s ruling in United States v. Mohamud, which upheld warrantless surveillance of an American citizen under Section 702 of the Foreign Intelligence Surveillance Act. EFF had urged the Court to take up Mohamud because this...

One of the government’s most powerful surveillance tools is scheduled to sunset in less than three weeks, and, for months, EFF has fought multiple legislative attempts to either extend or expand the NSA’s spying powers—warning the public, Representatives, and Senators about circling bills that threaten Americans’ privacy. But the frenetic...

If you’ve been following EFF’s work, you’ll know that we’ve been fighting against the creeping surveillance state for over 20 years. Often, this means pushing back against the National Security Agency’s dragnet surveillance programs, but as new technology becomes available, new threats emerge.
Here are some of the biggest legislative...